Currently I am using MySQLi to parse a CSV file into a Database, that step has been accomplished. However, My next step would be to make this Database searchable and automatically updated via jQuery.ajax(). Some people suggest that I print out the Database in another page and access it externally. I'm quite new to jquery + ajax so if ...
First look at below query SELECT COUNT(id) AS total_record, id, modeller, MONTHNAME(completed_date) AS current_month, QUARTER(completed_date) AS current_quarter, Difficulty, YEAR(completed_date) AS current_year FROM model WHERE modeller != '' AND completed_date BETWEEN '2010-04-01' AND '2010-05-31' AND Difficulty != '' GROUP...
How do you represent this query as a Zend_Db_Select? select * from t where id = x'0cc175b9c0f1b6a831c399e269772661'; The database is MySQL, using either PDO or mysqli adapters. ...
hello i have problems with this script, i select from 2 tabels but i dont know how to bind the result i get this error Fatal error: Call to a member function bind_result() on a non-object this is my code http://pastebin.com/5sShTSMC Thanks ...
Well thats pretty much it. This is my query: $query = 'ALTER TABLE permissions ADD '.$name.' INT NOT NULL DEFAULT \'0\''; Where $name is already checked to exist with only lower case alpha letters, and not more than 20 length. Im just starting this out with very simple names. The next 4 lines of code after that one are: if($stmt = ...
Hello, i'm totally new to mysqli and i took a generated code and adapted it for my need. UPDATED : public function getServeurByName($string) { $stmt = mysqli_prepare($this->connection, "SELECT * FROM $this->tablename where GSP_nom=?"); $this->throwExceptionOnError(); mysqli_stmt_bind_param($stmt, 's', $strin...
Hi, I'd like to know if there is a simple way to fetch data from mysql tables with "correct" data types? What i mean, if field type is for example INT or SMALLINT is it possible to pass those types directly to PHP as integers? I did some searching and found mysqli_fetch_fields, but for SMALLIT type is 2, for INT 3 and so on. It could b...
I need the very last valid entry in a database table which would be the row with the greatest primary key. So using mysqli, my query is "SELECT MAX(id) FROM table LIMIT 1". This query returns the correct number(using print_r()) but I cannot figure out how to access it. Here is the main code. Note that the $this->link refers to class with...
Assuming that the mysqli object is already instantiatied (and connected) with the global variable $mysql, here is the code I am trying to work with. class Listing { private $mysql; function getListingInfo($l_id = "", $category = "", $subcategory = "", $username = "", $status = "active") { $condition = "`status` = '$status'"; ...
Hey everyone, I'm trying to harden some of my PHP code and use mysqli prepared statements to better validate user input and prevent injection attacks. I switched away from mysqli_real_escape_string as it does not escape % and _. However, when I create my query as a mysqli prepared statement, the same flaw is still present. The query p...
HI, PHP problem here (I think): I've just created a Flex (Flash Builder) project with a datagrid linked to a database - the database is all utf8. When I run the project using the auto-generated code in flex4, the non-English part comes like ????? while the English part comes fine. The auto-generated PHP code uses mysqli. I've tried: ...
Here is my little function. It does not handle the results correctly. I do get all the rows that I want, but all the rows of the $results array contain the exact same values. So i make 2 arrays, a temporary array to hold the values after each fetch, and another array to hold all the temporary arrays. First i take the temp array and map...
I used to do this with PEAR MDb2: $fields_values = array( 'first_name' => $first_name, 'last_name' => $last_name, 'email' => $email, 'p.... ); $mdb2->loadModule('Extended'); $result_insert = $mdb2->extended->autoExecute('user', $fields_values, MDB2_AUTOQUERY_INSERT); $new_user_id ...
Is there still an injection risk when using prepared statements and mysqli_stmt_bind_param? For example: $malicious_input = 'bob"; drop table users'; mysqli_stmt_bind_param($stmt, 's', $malicious_input); Behind the scenes does mysqli_stmt_bind_param pass this query string to mysql: SET @username = "bob"; drop table users"; Or do...
I am trying to write a website that has user accounts. There isn't much sensitive information other than the password and email address. But I don't really understand what I'm doing; I'm kind of hacking it along as I go. Is there anything I should be keeping in mind with respect to security or any other important details? ...
Hello all i have createde a forum where i get the name of the user who createde the topic and what user who write the last topic but somehow its order by fk_forum_traad and not the ID. Here is my code $kategoriID = $_GET['kategoriID']; $mysql = connect(); $stmt = $mysql->prepare(" Select t.dato, t.brugernavn, t.fk_forum_kategori, t....
I have the following code that is able to create a class that has a single static instance of the database object, and two static functions for rows and columns. <?php class Database{ private static $instance; private function __construct() {} private function __clone(){} public static function call(){ if(!iss...
So I have this database class in PHP and I only have 1 function in it (other than __construct and __destruct. Let me explain further... I had originally written it so when I connected to a database I would just call my function connect_to_db() which returned a mysqli object. I then used this objects functions (->query(), ->prepare(), -...
I'm currently using the mysqli php extension. Traditionally I have used mysqli_real_escape_string to escape user input. However I am looking at changing over the code (hopefully in as few steps as possible) to use prepared statements. I want to be clear on this - provided I use prepared statements to bind all of my variables, can I be...
Hi guys I created an install wizard but its quite basic and only runs mysqli. How do you think I could best expand this? (non-mysql), what other features are required? I plan to use it for any of my clients who wish for me to create them an app but not give away any server details. Ok so the file structure looks a little like this con...